build(deps): bump qs and body-parser in /docker/sync-wrap
Closed
Number: #123
Type: Pull Request
State: Closed
Type: Pull Request
State: Closed
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 1
dependabot[bot]Association: Unknown
Comments: 1
Created:
February 12, 2026 at 04:08 PM UTC
(4 months ago)
(4 months ago)
Updated:
February 12, 2026 at 04:09 PM UTC
(4 months ago)
(4 months ago)
Closed:
February 12, 2026 at 04:09 PM UTC
(4 months ago)
(4 months ago)
Time to Close:
1 minute
Labels:
dependencies javascript
dependencies javascript
Description:
Bumps qs and body-parser. These dependencies needed to be updated together.
Updates qs from 6.13.0 to 6.14.1
Changelog
Sourced from qs's changelog.
6.14.1
- [Fix] ensure
arrayLimitapplies to[]notation as well- [Fix]
parse: when a custom decoder returnsnullfor a key, ignore that key- [Refactor]
parse: extract key segment splitting helper- [meta] add threat model
- [actions] add workflow permissions
- [Tests]
stringify: increase coverage- [Dev Deps] update
eslint,@ljharb/eslint-config,npmignore,es-value-fixtures,for-each,object-inspect6.14.0
- [New]
parse: addthrowOnParameterLimitExceededoption (#517)- [Refactor]
parse: useutils.combinemore- [patch]
parse: add explicitthrowOnLimitExceededdefault- [actions] use shared action; re-add finishers
- [meta] Fix changelog formatting bug
- [Deps] update
side-channel- [Dev Deps] update
es-value-fixtures,has-bigints,has-proto,has-symbols- [Tests] increase coverage
6.13.1
- [Fix]
stringify: avoid a crash when afilterkey isnull- [Fix]
utils.merge: functions should not be stringified into keys- [Fix]
parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset- [Fix]
stringify: ensure a non-stringfilterdoes not crash- [Refactor] use
__proto__syntax instead ofObject.createfor null objects- [Refactor] misc cleanup
- [Tests]
utils.merge: add some coverage- [Tests] fix a test case
- [actions] split out node 10-20, and 20+
- [Dev Deps] update
es-value-fixtures,mock-property,object-inspect,tape
Commits
3fa11a5v6.14.1a626704[Dev Deps] updatenpmignore3086902[Fix] ensure arrayLength applies to[]notation as wellfc7930e[Dev Deps] updateeslint,@ljharb/eslint-config0b06aac[Dev Deps] update@ljharb/eslint-config64951f6[Refactor]parse: extract key segment splitting helpere1bd259[Dev Deps] update@ljharb/eslint-configf4b3d39[eslint] add eslint 9 optional peer dep6e94d95[Dev Deps] updateeslint,@ljharb/eslint-config,npmignore973dc3c[actions] add workflow permissions- Additional commits viewable in compare view
Updates body-parser from 1.20.3 to 1.20.4
Release notes
Sourced from body-parser's releases.
1.20.4
What's Changed
- Remove redundant depth check by
@blakeembreyin expressjs/body-parser#538- ci: add support for Node.js v23 by
@Phillip9587in expressjs/body-parser#553- ci: restore CI for 1.x branch by
@bjohansebasin expressjs/body-parser#665- deps: qs@^6.14.0 by
@bjohansebasin expressjs/body-parser#664- deps: use tilde notation and update certain dependencies by
@Phillip9587in expressjs/body-parser#668- chore: remove SECURITY.md by
@Phillip9587in expressjs/body-parser#669- ci: add CodeQL (SAST) by
@Phillip9587in expressjs/body-parser#670- Release: 1.20.4 by
@UlisesGasconin expressjs/body-parser#672Full Changelog: https://github.com/expressjs/body-parser/compare/1.20.3...1.20.4
Changelog
Sourced from body-parser's changelog.
1.20.4 / 2025-12-01
- deps: qs@~6.14.0
- deps: use tilde notation for dependencies
- deps: http-errors@~2.0.1
- deps: raw-body@~2.5.3
Commits
7db202c1.20.4 (#672)d8f8adbci: add CodeQL (SAST) (#670)6d133c1chore: remove SECURITY.md (#669)fcd1535deps: use tilde notation and update certain dependencies (#668)ec5fa29deps: qs@~6.14.0 (#664)ffb95c1ci: restore CI for 1.x branch (#665)48a5f07ci: add support for Node.js v23 (#553)f20f6adRemove redundant depth check (#538)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
Package:
qs
Ecosystem:
npm
npm
Version Change:
6.13.0 → 6.14.1
Update Type:
Minor
Minor
Path:
/docker/sync-wrap
Package:
body-parser
Ecosystem:
npm
npm
Version Change:
1.20.3 → 1.20.4
Update Type:
Patch
Patch
Path:
/docker/sync-wrap
Technical Details
| ID: | 13753455 |
| UUID: | 3932659387 |
| Node ID: | PR_kwDOD9nO_M7DUkRe |
| Host: | GitHub |
| Repository: | NHSDigital/sync-wrap |